Scripts Feed Business Directory - SQL Injection



EKU-ID: 18888 CVE: OSVDB-62626;CVE-2010-1092 OSVDB-ID:
Author: Crux Published: 2010-02-27 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


==============================================================================
    [~] Scripts Feed Business Directory SQL Injection Vulnerability
==============================================================================
    [+] My home          [ http://hack-tech.com ]
    [+] Date Submitted:  [ February 27 2010 ]
    [+] Founder:         [ Crux ]
    [+] Vendor:          [ Scriptsfeed ]
    [+] Version:         [ ALL ]
    [+] Download:        [ http://www.scriptsfeed.com/business-directory.html ]


[ EXPLOIT ]
- This vulnerability affects login.php
-The POST variables 'us' and 'ps' are vulnerable.

[ ATTACK DETAILS ]
us=user&ps=${SQLINJECTIONHERE}&s1=LOGIN

==============================================================================